Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 5, 2009

Complete DHS Daily Report for June 5, 2009

Daily Report

Top Stories

· According to the Houston Chronicle, the FBI, the FAA, and the Liberty County, Texas Sheriff’s Department met Tuesday to compare notes on an unidentified flying object reported on May 29 by an ExpressJet Airlines pilot shortly after takeoff from Bush Intercontinental Airport. (See item 14)

14. June 3, Houston Chronicle – (Texas) FAA looks into what pilot saw over Liberty. The Federal Bureau of Investigation (FBI), the Federal Aviation Administration and the Liberty County Sheriff’s Department met June 2 to compare notes on an unidentified flying object reported late last week by an ExpressJet Airlines pilot. The pilot reported a “missile or rocket” flying near his airplane May 29 at 8:09 p.m., shortly after takeoff from Bush Intercontinental Airport, according to sheriff’s officials. “The FAA then contacted the Liberty County department dispatcher and said their pilot reported an object flying straight at his aircraft and passed 100 feet under it,” said the chief deputy for the Liberty County Sheriff’s Department. An FBI spokeswoman said the agency was aware of the sighting. “We haven’t found anything yet — either something on the ground where it launched or on the ground where it came down,” said a Liberty County Sheriff’s corporal. The Continental Express jet was on a commercial flight to Greenville, South Carolina. Source:

· Minnesota Public Radio and the Associated Press report that Minnesota’s OSHA has opened an investigation into an ammonia leak that was discovered Tuesday at the JBS Swift pork plant in Worthington. More than 50 workers were hospitalized after an overhead pipe carrying the refrigerant broke. (See item 20)

20. June 3, Minnesota Public Radio and Associated Press – (Minnesota) OSHA to investigate Worthington ammonia leak. Minnesota’s Occupational Safety and Health Administration (OSHA) has opened an investigation into an ammonia leak that was discovered Tuesday at the JBS Swift pork plant in Worthington. More than 50 workers were hospitalized after an overhead pipe carrying the refrigerant broke. JBS officials were not sure what caused the break. OSHA inspectors will interview employees who were working at the time, as well as review the company’s safety and health procedures and the training that was offered to employees, according to the OSHA communications director. There were no serious injuries, and most of the workers have been released following checkups. The OSHA communications director said it is still unclear if the leak involved a faulty valve. Source:


Banking and Finance Sector

8. June 4, Bloomberg – (National) FDIC offers financing for failed bank assets; delays loan sale. The Federal Deposit Insurance Corp., unable to get U.S. banks to sell toxic loans in a government program, plans to sell hard-to-price assets seized from failed lenders using guaranteed debt financing. A test auction of illiquid bank assets, planned this month, was delayed after lenders raised capital without needing to sell bad loans, the agency said. The FDIC will instead use debt guarantees as an incentive for buyers of assets when lenders are in receivership, the agency said. “If the FDIC can sell bad assets of failed banks, they will be a winner and it gives opportunities for the private sector as well,” said a partner specializing in financial services at law firm Jones Day in Atlanta. The U.S. President’s administration unveiled the two-part Public-Private Investment Program on March 23 as a centerpiece of its effort to shore up the financial system by removing illiquid assets. It would be funded by $75 billion to $100 billion from the Treasury’s Troubled Asset Relief Program. Since the program was announced, U.S. banks have raised capital through stock sales and by converting preferred shares, and as of June 3 the total reached almost $100 billion, according to data compiled by Bloomberg. Source:

9. June 3, Fremont Tribune – (Nebraska) Police warn of possible phone scam. Fremont Police are warning residents to be alert for a possible phone scam. A police lieutenant said the department received more than 20 calls on June 2 in reference to recorded phone calls that claimed to be from several different banks. The message informed those who answered that their credit card may have been compromised and they were asked to enter their credit card number. “It appears this is a scam and we suggest that no one enter their credit card information,” the lieutenant said. The lieutenant also encouraged anyone who has questions about the calls to contact their local bank. Source:

10. June 3, – (National) FDIC extends $250,000 deposit insurance. Consumers who want to safeguard their money in these turbulent times will benefit from the four-year extension of $250,000 FDIC deposit insurance per depositor on individual accounts. The insurance limit was slated to roll back to $100,000 January 1, 2010, but Congress has extended the deadline through December 31, 2013. As things stand now, the standard insurance coverage will revert to $100,000 per depositor January 1, 2014. “No doubt some investors had been nervously eyeing the December 31 sunset of that $250,000 threshold,” said a senior financial analyst at “If they were renewing CDs, any maturities of seven months, nine months, a year, pretty common maturities, anything beyond that December 31 time frame had to have enough wiggle room so that interest earnings did not put the investors over the lower $100,000 insurance cap that would have been reinstated.” The original increase from $100,000 to $250,000 was announced in October 2008 as consumers were losing faith in the financial markets and the banking system. Congress wanted to assure consumers that their funds were safe in the nation’s FDIC-insured banks and NCUA-insured credit unions. Source:

11. June 2, SC Magazine – (National) Bank of America certificate scam propagating Waledac, Virut. A new spam campaign disguised as a Bank of America email telling users they need to update their digital certificate is attempting to lure users into installing the Waledac worm. The messages, which first started being detected recently, seemingly come from Bank of America, and tell users, “The digital certificate for your Bank of America direct online account has expired. You need to update the certificate using Bank of America direct digital certificate updating procedure.” Recipients are then instructed to click on a link and follow the given instructions, the lead threat analyst at web and email security firm Marshal8e6 told in an email on June 1. The spam originates from the Pushdo botnet, which has been active in similar malicious phishing attacks, the analyst said. After following the link, the user is encouraged to fill in a web form, and to download a new “digital certificate” to continue, the analyst said. The “certificate,” however, is an executable file which seeks to download malware to the victim’s PC. The SANS Internet Storm Center said in a post on June 1 that a quick analysis of this malware showed “probable signs” of Waledac, the notorious worm capable of harvesting and forwarding password information and receiving commands from a remote server. A threat researcher for Panda Security confirmed to on June 2 that the threat is being detected as Waledac. Source:

Information Technology

36. June 4, Tech Crunch – (International) Phishing scam targets YouTube partners. Some YouTube partners are being hit with e-mails seemingly coming from Google/YouTube teams attempting to trick them into replying with their login credentials and other personal information. One partner contacted Tech Crunch with screenshots of the phishing messages, the first received at the end of May and the second on June 3rd, coming from and delivered to different accounts. While the first e-mail was quite amateurish in nature and came filled with things that should raise warning flags (typos, clumsy phrasing, Youtube instead of YouTube, etc.), the second appeared more genuine and had a body text edited rather professionally. In both cases, the YouTube partner was told that there was some kind of problem with his or her account, either with videos that purportedly contained copyrighted material, hate speech/bullying, or other issues that violate the service’s ToS. The first e-mail urged partners to respond with their username, password, e-mail address and D.O.B, while the second asked only for the password. It is unclear whether this phishing scam was aimed at our tipster specifically or if this is a more widespread problem, but in any case YouTube has been alerted by the user and a Tech Crunch staff member, although neither has yet received a response. Source:

37. June 3, Congress Daily – (National) Obama Administration begins work on cybersecurity R&D. Maximizing government investment in federal cybersecurity research and development is a major component of the U.S. President’s plan to bolster defenses against high-tech attacks. If the White House’s new cyber strategy and key agencies’ fiscal 2010 budget requests are any indication, they are off to a solid start. In the near term, the White House’s unnamed cyber czar will be charged with developing a framework for R&D strategies that focus on “game-changing technologies” and provide the research community access to event data to help develop tools and testing theories, according to the May 29 report, which stemmed from a 60-day review. That czar will eventually develop threat scenarios and metrics for risk management decisions, recovery planning and R&D prioritization. “Research on new approaches to achieving security and resiliency in information and communications infrastructures is insufficient,” the report stated. “The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements.” The President proposed a $37.2 million cyber R&D budget for DHS in fiscal 2010 to support operations in its national cybersecurity division as well as projects within the CNCI. DHS is using much of its fiscal 2009 allotment to deploy Einstein, a system to analyze civilian agencies’ systems for cyber threats and intrusions. Source:

For a related story see Item 11 in the Banking and Finance Sector, above.

Communications Sector

38. June 3, Oceana Herald Journal – (Michigan) Cut cable disrupts phone service for 6 hours. A cut fiber-optic cable in the Shelby area May 29 interrupted land-based and cellular telephone service in Oceana and Mason counties for approximately 6 hours. Verizon crews located the cut line at approximately 2 p.m., but were unable to provide an exact location. It was a Verizon contractor that cut the line. Most service was restored by 4 p.m., but some AT&T customers and Carr Telephone customers in Mason County did not have their service restored until slightly later. The interruption affected Verizon telephone, Verizon Wireless and Nextel phone services. Alltel cell phone service was sporadic. The outage also affected some internet access and prompted some banks to close. The severed fiber-optic cable mainly affected Oceana County, the Mason-Oceana Central dispatch director said. Mason County still had phone service, he said, but could not contact central dispatch.


39. June 2, Unstrung – (National) Test results raise femto service concerns. Policy management techniques used by broadband service providers are a serious threat to the quality of services, particularly voice, delivered over femtocell connections. The issue, which came to light during recent service tests, is a major concern, as the use of policy control technologies could potentially cause major service quality problems for mobile operators when they rely on broadband connections from other operators to backhaul femtocell traffic. When third-party providers are used for that portion of the network, mobile operators do not have complete control over how their traffic is treated. And, as a result, the quality of femto services, especially voice, could suffer. Broadband test specialist Epitiro recently evaluated femtocell voice and data service quality over the top ten broadband networks in an unidentified country, which cannot be named for confidentiality reasons. Epitiro found that even the lowest-end consumer broadband service had enough bandwidth capacity to support a femtocell service, so capacity was deemed not to be an issue. But in four out of the ten cases, the test results showed poor voice service quality. A closer inspection into the degraded voice services revealed that packet loss was the culprit for the quality problems, according to the chief technology officer at Epitiro. In his analysis, he concludes the reason for the packet loss in those four cases was the policy management used to control IPsec traffic: That has a direct impact on femto traffic, which is encrypted in IPsec tunnels. Epitiro’s test results show that in a worst-case scenario, users would lose service during peak periods. Source:

40. June 2, Capital Times – (Wisconsin) Charter customers back on line. Thousands of local Charter Communications customers could not watch TV and had a difficult time communicating for about eight hours on June 1, after a main fiber optic cable was damaged on the south side. The outage lasted from about 11 a.m. to 7 p.m., affecting cable TV, Internet, and phone customers in Madison, Oregon, Brooklyn, Baraboo, Portage and Dodgeville. A construction company truck damaged the cable when the cable was knocked off a pole in Fitchburg. Source:

Thursday, June 4, 2009

Complete DHS Daily Report for June 4, 2009

Daily Report

Top Stories

· According to the Columbus Dispatch, federal and local investigators say an arsonist set a fire that caused an estimated $5 million to $10 million in damage last week to a manufacturing plant in Hilliard, Ohio. The facility housed HighCom Security and Wolfden Products. (See item 10)

10. June 2, Columbus Dispatch – (Ohio) Investigators: Hilliard fire was arson. Federal and local investigators say an arsonist set a fire that caused an estimated $5 million to $10 million in damage last week to a manufacturing plant in Hilliard. A spokeswoman for HighCom Security, which provides body armor and other equipment for police and the military, said her company’s portion of the facility had only been running for about a year, as its first manufacturing plant. The building also housed Wolfden Products, which makes fiber composites for military, automotive and industrial uses. State fire marshal investigators had called in the national response team of the Bureau of Alcohol, Tobacco, Firearms and Explosives to help inspect the 75,000-square-foot building. Source:

· IDG News Service reports that as many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. (See item 35)

See item 35 in the Information Technology Sector


Banking and Finance Sector

12. June 2, Wall Street Journal – (National) FBI director anticipates new crime wave of financial fraud. The Federal Bureau of Investigation is braced for a potential crime wave involving fraud and corruption related to bank bailout money and the economic stimulus package, the FBI director warned on June 2. “These funds are inherently vulnerable to bribery, fraud, conflicts of interest and collusion. There is an old adage, that where there is money to be made, fraud is not far behind, like bees to honey,” the director told an afternoon gathering of business executives. Given the trillions and trillions of dollars involved in the government’s current moves to stem the economic crisis, “from the purchase of troubled assets to improvements in infrastructure, health care, energy and education, even a small percentage of fraud would result in substantial taxpayer losses,” said the director. Source:

13. June 2, Bozeman Daily Chronicle – (Montana) Scam claims to be First Interstate Bank. Several Bozeman-area residents have reported receiving automated telephone calls from a company fraudulently representing itself as First Interstate Bank and asking them to provide their credit or bank card information. In the message, the company tells the resident that the security of their card has been compromised. The resident is then asked to supply their card number and personal identification number so that a new card can be issued. “If you receive one of these calls, do not give any information and do not return any phone calls,” states a scam alert issued on June 2 by the Bozeman Police Department. Local law enforcement officials are asking people who receive the fraudulent calls to contact police and their bank to verify if it needs any information. First Interstate Bank is aware of the scam and advises that they would not solicit any personal information via the telephone, Internet or e-mail. Source:

14. June 2, Associated Press – (National) Indictment: Colo scam raked in $10M from 15 states. Two men are accused of running a $10 million Ponzi scheme based in Colorado that bilked investors from 15 states and the U.S. Virgin Islands. The defendants are accused of talking dozens of people into investing in a scheme to buy and resell electronics and appliances. An indictment handed up on May 29 and made public on June 2 charges the defendants with counts of theft and securities fraud. The indictment lists victims in Arizona, California, Colorado, Connecticut, Florida, Georgia, Massachusetts, Minnesota, New Mexico, New York, Ohio, South Carolina, Texas, Washington and Wisconsin and the U.S. Virgin Islands. The indictment alleges one of the defendants claimed to have a rare and valuable master purchase agreement with a major electronics manufacturer that would allow his company, Genius Inc., to buy in bulk for wholesale resale. No such agreement existed, and money from investors was used for personal expenses, gambling and payouts to other investors, according to the indictment. An investigation concluded only $100,000 was spent on electronics and appliance purchases from June 2005 to February 2008, during which millions were raised. Source:

15. June 2, U.S. Banker – (National) FDIC setting up Committee on Community Banking. The Federal Deposit Insurance Corp.’s board of directors voted last week to create the FDIC Advisory Committee on Community Banking. Calling community banks the “lifeblood of our nation’s financial system,” the FDIC chairman said the committee “will get direct and frequent input on many issues from a cross-section of community bankers nationwide.” The chairman of the Independent Community Bankers of America and president and chief executive officer of Easton Bank praised the creation of the committee. In a public statement on May 29 he said the group will offer advice on issues such as the “latest examination policies and procedures, deposit insurance assessments and regulatory compliance matters.” Insurance coverage and credit and lending practices will also be on the agenda. Another topic on the table may well be consolidation, as the FDIC and the industry continue to face the highest level of bank failures in decades, although that prospect was not addressed by either party. “Across the U.S. right now there are still a fair number of community and regional banks with significant problems,” says a partner in Bryan Cave’s Atlanta office and a member of the law firm’s financial institutions team. Source:

Information Technology

35. June 2, IDG News Service – (International) Thousands of Web sites stung by mass hacking attack. As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site’s usage, then to another bad site, said the threat research manager for Websense. Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked, the researcher said. Another possibility is that the FTP credentials for the sites have somehow been obtained by hackers, giving them access to the inner workings of the site. It appears the hackers are using automated tools to seek out vulnerable Web sites, the researcher said. The latest campaign underscores the success hackers have at hosting dangerous code on poorly secured Web sites. Once a user has been directed to the bogus Google analytics site, it redirects again to another malicious domain. That site tests to see if the PC has software vulnerabilities in either Microsoft Corp.’s Internet Explorer browser or Firefox that can be exploited in order to deliver malware, the researcher said. If it does not find a problem there, it will launch a fake warning saying the computer is infected with malware and then try to get the user to willingly download a program that purports to be security software but is actually a Trojan downloader, he said. The fake security programs are often called “scareware” and do not work as advertised. As of May 29, only four of 39 security software programs could detect that Trojan, although that is now likely changed as vendors such as Websense swap malware samples with other companies in order to improve overall Internet security. Source: See also:

36. June 2, eWeek – (International) Apple patches QuickTime, updates iTunes. Apple has issued a slew of critical patches for its QuickTime media player and updated the digital media application iTunes. Version 7.6.2 of QuickTime received the majority of patches, targeted at patching holes that allow maliciously crafted files to perform unexpected application terminations or arbitrary code executions. The iTunes upgraded software now supports iPhone and iPod touch with the iPhone’s 3.0 software update, and Version 8.2 also includes “many accessibility improvements and bug fixes,” according to Apple. In March, Apple announced that iPhone firmware Version 3.0 was due to be released in mid-2009. One QuickTime patch fixes a memory corruption issue that existed in the player’s handling of Sorenson 3 video files, while another addressed the issue of a heap buffer overflow existing in the handling of FLC compression files. Eight of the patches concern Apple and Microsoft operating systems, and two patches address vulnerabilities found only in Microsoft Vista and XP versions. The update is the second this year for QuickTime; the first, issued in January, fixes seven security vulnerabilities. Microsoft noted in a security report published in 2008 that, in the first half of 2008, a QuickTime flaw had been the third-most attacked vulnerability for Windows XP users and the fourth-most attacked for Vista customers. Source: See also:

Communications Sector

37. June 3, Daily Times – (Virginia) Broadband cables to be placed. The Eastern Shore of Virginia Broadband Authority announced this week that it has completed an easement purchase agreement with Canonie Atlantic Company and Cassatt Management LLC (Bay Coast Railroad) for placement of a fiber optic cable along the railroad immediately. Installation along the railway corridor is part of the network backbone, or the “super highway” of the high-speed network. The first phase of the broadband initiative, which places the fiber optic cable across the Chesapeake Bay Bridge-Tunnel, is nearing completion, officials said in a prepared release. The goal of the authority is to provide the most affordable, technologically up-to-date broadband Internet service possible for all residents, businesses and institutions on Virginia’s Eastern Shore; and to provide very high-speed access, said the interim executive director of the authority. Source:

38. June 2, Tampa Bay Business Journal – (Florida) AT&T activates Pasco, Hernando cell towers. AT&T has activated three new cell sites in Pasco and Hernando counties. The new sites are among nearly 100 AT&T plans to add in Florida this year. The Hernando County cell site, located on U.S. 19 north of the Forest Oaks Boulevard intersection, is providing additional wireless coverage in northern Spring Hill and along U.S. 19 just south of Weeki Wachee. In northwestern Pasco County, a new cell site on Antler Lane is just east of the Suncoast Parkway/Veterans Expressway and north of the Shady Hills Road exit. It is boosting coverage in Shady Hills and eastern Spring Hill, the company said. Another new cell site is near County Line Road and Meadow Pointe Boulevard in Wesley Chapel and that is expanding coverage in the Meadow Pointe subdivision, according to a release. The new Hernando and Pasco county cell sites are part of AT&T’s continued expansion of its high-speed, third-generation network. AT&T announced late May that it would be upgrading its network with the goal of increasing speed. Those upgrades are slated to begin later this year for completion expected in 2011. Source:

39. June 1, Techworld – (International) Servers crash after data center overheats. The spate of hot weather in the United Kingdom claimed a notable scalp after a London data center experienced a cooling failure, which caused several servers to overheat and crash. The Braham Street data center, located in the City of London, and owned by Level 3 Communications, experienced a chiller failure on May 31 when one of the five units designed to cool the data centre failed. “The faulty chiller is currently being repaired, and the other chillers continue to operate at the facility,” he added. “Customers are being informed of the issue.” Techworld understands that the data center itself continued to run as usual with no downtime, but that several servers within the data center itself overheated and crashed. Although the outside temperature on May 31 in that area peaked at a high of 23 degrees Celsius (73 degrees Fahrenheit), the internal temperatures within the data centre soared to an estimated 50 degrees Celsius (122 degrees Fahrenheit) by 7 p.m. in the evening. Typically, data centers aim to run at anywhere from 18 to 25 degrees Celsius (64 to 77 degrees Fahrenheit). These soaring temperatures claimed at least one victim, bringing down servers belonging to the music service, for five hours approximately. Source: